Heise Online Reveals Trojan / Spam Connection
yourruinreverse writes "Virus distributors have been caught red-handed selling IP addresses of trojan-infected machines by editors of the German IT magazine c't. Several individuals appear to have been arrested already after c't, revealing one of the virus writer's nationality as British, passed on the information to Scotland Yard. Check out the German article first, then its translation on Groklaw and maybe also same translation posted in the English section of the Heise website (in order of appearance)."
"With the help of c't, a student of computer science has tracked down the authors of a computer virus. The editorial staff were able to establish contact with the virus distributors and buy IP addresses of infected machines. Because one of the virus distributors has been located in Great Britain, c't has passed on all information to Scotland Yard. By now, individuals in several countries have been arrested."
The Slashdot heading leaves out that it was a college student who did this primarily. Will this continue to be a pattern in the future? I sure hope so, as law enforcement is typically behind the times, and overworked as it is. This way, order is still maintained without vigilante justice, since those in the know involved proper law enforcement.
libertarianswag.com
Back in 2000 Theo predicted that this would be a problem... why it took so long to happen, god knows....
I hope they send them to a British pound-me-in-the-ass prison!
In Britain, this happens in the private schools, not the prisons...
Tubal-Cain smokes the white owl.
When will they post a website that has an engine that will allow us to submit IP addresses / MAC addresses to find out whether they are infected? I have the entire IP table of where I work... knowing what machines have been compromised through trojans would be helpful... Either way... Go Heise!
From the description of the virus, it seems like the author was just asking to get caught.
That said, it doesn't seem like this trojan would have been a major security problem.
Contacting him through IRC, personally sending commands to infected computers. All of this can be traced.
Keep Smiling!
Erick
http://www.busyweather.com/
OK, we all knew it, but maybe this will be enough incentive for the major news outlets to pick the story up. In an ideal world people would see this story, realize that much of the spam they get can be blamed on viruses and patch their systems.
Too bad we don't live in a perfect world.
Same dif.
KFG
I thought that people have been saying that open relays (which, effectively, a machine with a RAT on it is) were not to blame for spam these days.
So, if you're paying for IP addresses then that's probably not entirely accurate. Unless you're just trying to bring the advertisement directly to the person's screen. I'd believe that.
So did these guys have IP addresses hanging from their necks like bling blings?
From excellent karma to terrible karma with a single +5 funny post...
Hello!
:(
This article does not surprise me at all. Some months ago I read on the net about a rootkit for Linux which installs and camouflages itself on the compromised computer and then starts a special SMTP server. This server fetches 1000 email addresses at a time from an outside server in client/server fashion and then sends the spam. Afterwards it even sent the result codes back to the server.
In that case it was more difficult to trace the author, because on the one hand the servers were located in several countries, and on the other hand the companies to which the IPs/domains belonged were in turn mailbox or dummy companies.
The problem is that here regular servers were compromised, which did not have dial-up IPs and thus are not recognized via RBLs either.
What one learns from this is probably clear: install security updates, scan mail content (SpamAssassin), and never feel safe.
Unfortunately I could not find the article any more, otherwise I would have quoted it.
First problem: Spammers abuse the system and find the compromised targets and set out to abuse them before the well meaning sysadmin has so much as raised a finger.
...i'm sorry to say it, but goddamn, an example needs to be made of these fools.
plain and simple: virus writing will get you in deep shit.
But I thought private schools were called public schools in Britain to differentiate them from government schools?
THE NERD IS THE COMPUTER.
If so, it's his/her job to do that (actually to prevent it in the first place)... not yours.
---- Booth was a patriot ----
I think we've hit the point where three outlawed industries are now joining forces to support each other. P2P file sharing is an application consumers want but just isn't legal. Therefore, the writers of P2P applications just can't use legal means to collect money for it; they have to get paid under the table. Spyware and virus writers have the same goal: find any way possible to get their software onto your computer so they can get it to do their bidding. To them, how they get their payload isn't important. How do they get paid? Well, who most needs distributed computing resources with scattered IP addresses and bandwidth? Spammers. So, they'll gladly pay the creators of botnets for their services, in a way no ethical buyer ever would. So there you have it, the connection between P2P and spam...
No, the government schools are called state schools.
-- Soruk
Maybe he is the admin? o.0
I try to be nice, I really do. But when moderators mod a post offtopic when it wasn't, it really gets me steamed. What do I have to do? Put "Microsoft Sux0rs" after every sentence? Would that make you happy? Huh?
Note: To all the meta moderators - if you come across this post you know what to do with it.
with the current level of overcrowding of prisons maybe we have found the way forward - detained in a public school. All the joys of prison with a first class education.
A few weeks ago I noticed a HUGE spike in the number of trojan scans against my firewall. I found that the scans were coming from pretty much everywhere (world-wide), and seem to start up almost as quickly as I connect to the net. I have been wondering what was behind such a spike in trojan scan activity; I guess this is my answer.
Fortunately, there are no known trojans on my system, the firewall and the virus checker are doing their jobs.
Be excellent to each other. And... PARTY ON, DUDES!
yes, private==public in UK schools.
It would be very useful if the police forces had well-publicised points of contact for reporting computer and internet crime. At the moment, the local police station is unlikely to know anything at all, unless you are lucky enough to meet one of the few policemen who is really into computers, likely as a hobby. The expertise seems mainly to be in Scotland Yard; the department there could do with more funding, more staff, and more publicity, such as a simple means to contact them by email or web. My systems get besieged by attacks from a handful of IP addresses, and if there was a central point for reporting all these easily, it would not be hard to spot the patterns and take appropriate action. For example, a warning letter from the police might be sufficient to get open mail relays closed, and cable modem users who have been trojaned might pay heed and take proper precautions. This could be largely automated; only where the parties concerned were deliberately committing criminal acts, or failed to react to a warning, would the full powers of the Computer Misuse Act need to be applied.
Not so long ago there was an idiot on the NTL cable network who was causing continual problems to others because his machine was running continually and had been trojaned, and was being used by hackers elsewhere. Something like that, after a few independent reports, should automatically trigger a "cease and desist" letter, together with some good advice on cleaning up the problem.
It seems to me that it should be quite simple to gather and collate information from the public, which with the ISP's logs would enable the causes of problems to be located and dealt with. I for one don't mind my ISP's files being available automatically to a law-enforcement robot, I rather would get a warning letter or email if something was amiss.
Of course the way to deal with the most recent round of severe problems is to simply ban Outlook. I wonder if the Convicted Monopolist could gain another conviction for deliberately producing software which facilitates contravening the Computer Misuse Act? BTW it would help if other countries enacted similar legislation instead of being misled by fascists like the RIAA into stupidly focussing on those who might want to play a DVD on their Linux computer, for example. In the UK, the CMA has real teeth, sadly it does not get exercised as often as it should, because it provides a means to outlaw certain vile practices. For example, if an installer deliberately cripples another application (we all know some that do, and most come from the Redmond area), that is a criminal offence, and rightly so, yet I have not seen any prosecutions. The wording of the Act would suggest that if installing Windoze as the second OS blows away the ability of Linux/BSD/OS-2 (or whatever) to boot, then an offence is committed. The only defence seems to be that it was done in ignorance. Can you imagine Bill standing in the dock in the Old Bailey, pathetically whining that he was not guilty, he was only ignorant? Justice would be admirably served by that admission.
If he's the admin, he shouldn't have to ask those questions, and should have a much better handle on what his network is doing...
---- Booth was a patriot ----
The machines infected with the trojans can be used as spam relays, sure, but at the same time they're also a gold mine for fraud. Just think about all the data stored on the hard drives available for download: financial data, all kinds of private documents... this worries me more than spam. I think data theft will become a hotter topic in the near future.
I am an Indian and I do think that Slashdot does NOT discriminate against Indians. I think your sig is downright stupid and untrue. And what do you have against Indians anyway???
"Programming is like sex. Make one mistake and support it for the rest of your life !!"
This is no surprise for people involved in the anti-spam community. It has been discussed for some time in NANAE. What is REALLY sad is that some networks really don't seem to care, or don't have the time to police against this sort of thing. When I was Joe Jobbed by one of these spam gangs, using infected machines for webservers, I reported it to RR and Comcast security. They were hosting their site all-oem.biz on several obviously compromised machines AND using my e-mail address in advertisements about their company. What did I get for my trouble? E-mail after e-mail that said: "To the best of our knowledge, the incident that was the basis of your complaint was neither posted by an individual using the Road Runner (or Comcast) system, nor is it in any way related to the Road Runner (or Comcast) system or content maintained by Road Runner." What was funny is that if you did a dig on the domain being advertised it ALWAYS contained a Road Runner cable modem account.
Lets try it again for a test shall we?
# host www.all-oem.biz
www.all-oem.biz is an alias for all-oem.biz.
all-oem.biz has address 217.81.243.206
all-oem.biz has address 24.98.35.54
all-oem.biz has address 212.83.89.135
all-oem.biz has address 213.33.0.67
all-oem.biz has address 24.6.6.196
And again, what do we have, 2 comcast cable modems working away trying to sell software that APPEARS to be pirated, and is advertised via spam with false headers.
Lets check the DNS shall we, the dns servers for the domain are listed as follows
Name Server:NS1.MOROZREG.BIZ
Name Server:NS2.MOROZREG.BIZ
Name Server:NS3.MOROZREG.BIZ
Name Server:NS4.MOROZREG.BIZ
Name Server:NS5.MOROZREG.BIZ
Each of these name servers is also hosted on compromised machines, mostly broadband connections. Don't take my word for it, haul out nmap and take a look for yourself. The IPs for these name servers change pretty often. At this time no Road Runner accounts are showing up. I give it an hour before we get a few more.
In short, this is nothing new, and no one should be shocked. Spammers have shown themselves to be an unscrupulous lot. What IS good is that this is starting to get some press. Perhaps this will put pressure on providers to police their networks better. Otherwise other networks may have to take more drastic action simply to protect themselves.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
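The post above reads a hosting pattern off host/dig output by eye: a spam-advertised domain resolving to several addresses scattered across unrelated broadband netblocks, changing from hour to hour. The script below is an added example, not code from the poster or from any tool named in the thread. It takes successive A-record snapshots for a domain plus the reverse names for those addresses and scores how much the set looks like trojaned home machines rather than a hosting provider. The first snapshot reuses the addresses quoted in the post; the second snapshot, the reverse names, the broadband-token list and the "normal site" control are constructed sample data (documentation ranges and example.net names), so it runs offline with no lookups.

```python
"""Score a domain's A records for the rotating-broadband hosting pattern.

Added example, not the poster's code. Inputs are constructed snapshots and
constructed PTR names; nothing here performs a live DNS query.
"""
from __future__ import annotations

import ipaddress
import re

# Tokens ISPs commonly stamp on residential / dynamic customer PTR names.
# Assumption for this example; tune the list to the ISPs you actually see.
BROADBAND_PTR = re.compile(r"\b(cable|dsl|dial|pool|dyn|dynamic|cpe|res|hsd\d*)\b", re.I)


def looks_like_broadband(ptr: str | None) -> bool:
    """True when the reverse name reads like a customer line, not a server."""
    return bool(ptr) and BROADBAND_PTR.search(ptr) is not None


def slash24(ip: str) -> str:
    """Coarse netblock key: distinct /24s stand in for 'unrelated networks'."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def analyse(snapshots: list[list[str]], ptrs: dict[str, str | None]) -> dict:
    """snapshots: A-record sets seen at successive lookups of one domain.
    ptrs: reverse name per address (None when the ISP publishes none).

    A normally hosted site resolves to a few stable addresses in one or two
    netblocks with server-style names. A site parked on trojaned machines
    shows many addresses across unrelated broadband blocks that rotate
    between lookups. The thresholds below are assumptions for the example.
    """
    all_ips = sorted({ip for snap in snapshots for ip in snap})
    churn = []  # share of each snapshot that was not in the previous one
    for prev, cur in zip(snapshots, snapshots[1:]):
        churn.append(len(set(cur) - set(prev)) / len(cur) if cur else 0.0)
    netblocks = {slash24(ip) for ip in all_ips}
    broadband = [ip for ip in all_ips if looks_like_broadband(ptrs.get(ip))]
    suspicious = (
        len(all_ips) >= 4
        and len(netblocks) >= 4
        and len(broadband) >= 2
        and bool(churn) and max(churn) >= 0.3
    )
    return {
        "distinct_ips": len(all_ips),
        "netblocks": len(netblocks),
        "broadband_ips": broadband,
        "max_churn": max(churn) if churn else 0.0,
        "suspicious": bool(suspicious),
    }


# Constructed sample. Snapshot 1 is the address set quoted in the post;
# snapshot 2 is a later lookup in which three of five addresses have rotated
# to RFC 5737 documentation addresses standing in for fresh broadband hosts.
SPAM_DOMAIN = [
    ["217.81.243.206", "24.98.35.54", "212.83.89.135", "213.33.0.67", "24.6.6.196"],
    ["217.81.243.206", "24.98.35.54", "198.51.100.17", "203.0.113.88", "192.0.2.201"],
]
SPAM_PTRS = {  # constructed reverse names, not what the ISPs really return
    "217.81.243.206": "p-217-81-243-206.dsl.example-de.net",
    "24.98.35.54": "c-24-98-35-54.cable.example-us.net",
    "212.83.89.135": None,
    "213.33.0.67": "dyn-213-33-0-67.example-at.net",
    "24.6.6.196": "c-24-6-6-196.cable.example-us.net",
    "198.51.100.17": "pool-198-51-100-17.example-isp.net",
    "203.0.113.88": None,
    "192.0.2.201": "cpe-192-0-2-201.example-isp.net",
}
# Constructed control: two stable addresses in one /24 with server names.
NORMAL_DOMAIN = [["192.0.2.10", "192.0.2.11"], ["192.0.2.10", "192.0.2.11"]]
NORMAL_PTRS = {"192.0.2.10": "web1.example.com", "192.0.2.11": "web2.example.com"}

if __name__ == "__main__":
    for name, snaps, ptrs in (("all-oem.biz sample", SPAM_DOMAIN, SPAM_PTRS),
                              ("control", NORMAL_DOMAIN, NORMAL_PTRS)):
        print(name, analyse(snaps, ptrs))
```

To use it against a live domain, feed `analyse` the A records from a few spaced-out lookups and the PTR names from reverse lookups of each address; the same check applies to the domain's NS records, which the post notes are hosted the same way.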
I guess it has to do with ratings. It's unfortunate that editing the content of the news increases viewership. You see I, a US citizen, want to see ALL of the news, but unfortunately, our corporate news outlets censor a lot of what's going on to boost ratings! That's why I read foreign news sources as much as I can.
There is no spoon or sig.
And what do u have against Indians anyway ???
Nothing whatsoever. My sig is about the growing resentment exhibited on /. against India and Indians; I think some of this resentment is bordering on racist, and I'm worried by it. The fact that you are an Indian and you disagree with me does not make this problem go away.
Tubal-Cain smokes the white owl.
The version I've always heard is that hundreds of years ago the only way to be educated was a private tutor. When they were introduced, "public schools" (schools where pupils' parents pay fees) were called that to differentiate between private tuition and a public school.
;-)
The terminology is a bit unfortunate, now that private tuition doesn't happen and state schools are more public than "public schools", but that's how the English language works
Schools entirely paid for by taxes are "state schools" (as in "separation of Church and State", not as in "Washington state").
There's a good side to this - spammers pay for addresses, meaning their costs go up. I guess you can get a fairly good list of infected machines, for free, just by tracking nanas. Just to show you how commercialized the internet has become :)
I'm supposed to RTFA 3 times?
1: You're lucky if one out of every 3 read it once.
2: Is this supposed to be a cascading Slashdotting? Next time just submit the story 3 times with a different link each time.
Microsoft has $250,000 set aside for a bounty on MyDoom authors and so did SCO. What are the chances this CS student will get some small amount for turning these guys in?
This doesn't surprise me in the least. While it sickens me, I don't find this to be that startling. I, for one, have always thought the people who write malware are scum. They may try to justify their actions with lame claims of: 'Oh, I only did it to show how weak the system is', or 'I am only trying to learn more about the internal workings of the O/S'. But, let's face it, they are little more than little creeps with serious social behavioural problems. They know what they are doing is wrong, yet can find any manner of reason to justify their behaviour. In the end, they are criminals, scum, and a**es. That some are now selling harvested IP addresses to spammers should come as no surprise at all. I just wish I knew a way to punish them that would not only satisfy the gravity of their offence, but would also serve as a good deterrent. A pox on all of them.
Not all true public schools are boarding, and a few state schools are. Therefore to be correct, the parent should have said "In Britain, this happens in boarding schools, not the prisons".
To make life even more complicated, the UK has a prison (Ford Open Prison) which is where all the fraudsters and bent accountants go. It is supposed to provide one of the best (unofficial) MBAs you can get.
Panurge has posted for the last time. Thanks for the positive moderations.
The Trojan broke and the spammers were born.
Selling infected IP addresses may be immoral but what is illegal about it?
I run snort on a bunch of systems and have some very large lists of infected IP addresses. I suspect many others do too. Every time snort burps up a new IP address I inform the ISP that "owns" the IP address. The reality is that no one cares. I have been "hit" by 68.162.91.238 over 20 times in the last month by different viruses.
These lists are easy to come by and even easier to generate. If someone is dumb enough to pay good money for a list of infected computers, let me know. I wonder what the going rate is.
If these machines get abused enough maybe, just maybe they'll get fixed.
In related news Norman Bates may not be the best person to teach a course in hospitality.
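The post above describes exactly the workflow that turns snort output into an abuse report: group alerts by source, notice the sources that come back again and again with different signatures, and send the ISP something concrete. The script below is an added example, not the poster's own tooling. It parses snort "fast" alert lines, picks out repeat offenders, and renders a per-source report. The alert lines are a constructed sample (the one source address is the one the poster names; the others are documentation addresses), and the signature IDs sit in snort's local-rule range and are invented for the sample, as are their messages.

```python
"""Group snort fast alerts by source and report repeat offenders.

Added example, not code from the post. The sample alerts are constructed;
SIDs 1000001-1000004 are local-rule placeholders, not real rule IDs.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# snort -A fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
# [Priority: n] {proto} src[:port] -> dst[:port]. Classification is optional.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    sid: int
    msg: str
    proto: str
    src: str
    dst: str
    dport: int | None


def parse_fast_alert(line: str) -> Alert | None:
    """Return an Alert, or None for lines that are not fast-format alerts."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    return Alert(m["ts"], int(m["sid"]), m["msg"], m["proto"], m["src"], m["dst"],
                 int(m["dport"]) if m["dport"] else None)


def by_source(lines) -> dict[str, list[Alert]]:
    groups: dict[str, list[Alert]] = defaultdict(list)
    for line in lines:
        alert = parse_fast_alert(line)
        if alert:
            groups[alert.src].append(alert)
    return dict(groups)


def repeat_offenders(lines, min_hits: int = 3, min_sigs: int = 2) -> dict[str, list[Alert]]:
    """Sources seen at least min_hits times with at least min_sigs distinct
    signatures: one scan is noise, the same box probing with several
    different payloads is the 'hit 20 times by different viruses' case."""
    return {
        src: alerts
        for src, alerts in by_source(lines).items()
        if len(alerts) >= min_hits and len({a.sid for a in alerts}) >= min_sigs
    }


def abuse_report(src: str, alerts: list[Alert]) -> str:
    """Plain-text summary suitable for pasting into a mail to abuse@isp."""
    ordered = sorted(alerts, key=lambda a: a.ts)
    out = [f"Source: {src}",
           f"Events: {len(ordered)} between {ordered[0].ts} and {ordered[-1].ts}",
           "Signatures:"]
    for (sid, msg), n in Counter((a.sid, a.msg) for a in ordered).most_common():
        out.append(f"  {n:3d}x sid {sid}: {msg}")
    targets = sorted({f"{a.dst}:{a.dport}/{a.proto}" for a in ordered})
    out.append("Targets: " + ", ".join(targets))
    return "\n".join(out)


# Constructed sample alerts (not a real capture). 68.162.91.238 is the
# address the poster names; the rest are RFC 5737 documentation addresses.
SAMPLE_ALERTS = """\
03/02-11:04:17.104522  [**] [1:1000001:1] LOCAL Backdoor probe tcp/27374 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 68.162.91.238:3217 -> 192.0.2.9:27374
03/02-11:04:18.330910  [**] [1:1000002:1] LOCAL Backdoor probe tcp/12345 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 68.162.91.238:3218 -> 192.0.2.9:12345
03/02-11:09:51.002134  [**] [1:1000003:2] LOCAL Worm propagation attempt tcp/135 [**] [Priority: 1] {TCP} 68.162.91.238:4471 -> 192.0.2.9:135
03/02-11:10:03.773001  [**] [1:1000003:2] LOCAL Worm propagation attempt tcp/135 [**] [Priority: 1] {TCP} 198.51.100.23:1065 -> 192.0.2.9:135
03/02-11:12:40.555000  [**] [1:1000001:1] LOCAL Backdoor probe tcp/27374 [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 68.162.91.238:3344 -> 192.0.2.9:27374
03/02-11:15:00.000001  [**] [1:1000004:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.5 -> 192.0.2.9
this line is not a snort alert and is skipped
""".splitlines()

if __name__ == "__main__":
    for src, alerts in repeat_offenders(SAMPLE_ALERTS).items():
        print(abuse_report(src, alerts), end="\n\n")
```

Run it over a real alert file (`snort -A fast` output, or the `alert` file from a sensor) and raise `min_hits` to whatever your noise floor is; the report deliberately lists signature counts and targeted ports rather than raw packets, which is what an abuse desk can act on.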
I think you are right too. But when programmers are out of a job and see Indians getting those jobs, just because they cost less, they lose their cool. Anyway, I am more worried about the fact that moderators are severely biased too. Look at all the comments: anything negative about India is moderated up more than it should be. Anyone who knows about India only from Slashdot will have the opinion that it is worse than a medieval slave market because of the caste system. In reality the caste system does not exist much in the cities.
In Britain, this happens in the private schools, not the prisons...
or the Catholic church!
"+5, righteous bloodlust"?
uhm, most people are resentful of those who take jobs from US workers while the government hands out Visas like fucking candy on halloween. You can gloss it over with flashy words like "racist" if you want to, but that's bullshit.
No it's not. Know how I know this? I live here! I used to think you were a harmless dilettante but now I see you're crazier than a shithouse rat. Racism? Rising? What the fuck are you talking about? Looks to me from news reports that Europe is having a far worse problem w/ racism than the US. Remember when you were claiming that the US forces Muslim men to register? Boy, that one was stupid, but I chalked it up to being uninformed or just too much reading of anti-US sites, but now I know either you're making this shit up or you're just crazy.
Look, you're wrong. I live here. It's not happening. I have no reason to lie. Get off your little crusade against the US and try looking into a real evil government such as North Korea.
This guy is way out there
The most interesting thing is that you tried to look it up, but didn't succeed. It's still true (you might try to use words like "illegal immigrant registration" etc when looking, but the fact is still that the US wanted Moslem men to register after 11/9). The source for that information was, if memory serves me correctly, Wolf at CNN.
.. rewriting the constitution to forbid gay marriages.
The current Christian right wing regime in the US is more dangerous than the socialist Moslem regimes you hate so much. Have a look at that idiot Bush latest suggestion
it's in my head
A contradiction surely, or are you using the American "'socialist' means anything I dislike" definition?
Islam is socialistic - Mohammed disliked the extreme capitalism amongst the arabs in that region and Islam has as a core belief that you should help others instead of accumulating wealth yourself. ... that "socialism" as a word wasn't invented doesn't mean anything when looking at what Islam is about - something very few people in the West do before judging. How many people know that Islam gave women rights 600 b.c that they didn't get until 1800 b.c in Christian countries?
(I'm not Moslem, but I study subjects before pretending I know anything about them. I recommend Karin Armstrong's "History of God" as a source to what I wrote above).
it's in my head
a.d - not b.c. Sorry.
it's in my head
Yeah, the Christian right is known for their suicide bombers destroying buses full of innocent people... oh wait.
Who said I hate the Muslim regimes? I don't agree w/ any theocracy or gov't that kills women for adultery or simply doesn't believe in women's rights. I don't hate them simply because of their religion; I don't think much of any religion. Check out that whole separation of church and state the groups here in the US always beat the Christian fanatics w/.
Still couldn't find anything on registration of Muslim men either. It didn't happen. You as much as said so. Just because you think you heard a newscaster say so doesn't mean it's a fact.
That is an idiot suggestion from Bush, you're right.
You accord the christian right here in the US much more power and influence than they actually have. There's a few vocal idiots but we have our counterbalances-thank god or whoever for Thomas Jefferson.
So what about North Korea? Much better than the US? I still can't understand why none of you internet activists aren't bothered by North Korea and China. Much more fashionable to bash the US, I suppose.
This guy is way out there
Please read the other thread with regards to my original post - I talk about more about Islam (of which you apparently know nothing) there.
The US is a lot more dangerous than North Korea or China.
(Regarding the topic of registration, if you look closely you'll find that I never write about things I cannot back up. I was not prepared for CNN removing the link to the article where I got this from, and it is nowhere to be found. If the cause for that was a respected journalist making things up, or pressure on CNN from somewhere, is up to you to decide. I'm still trying to find additional sources)
That one issue is however, only _one_ issue of many.
it's in my head
Please. I've actually been to Islamic countries and I doubt you've left Europe. The women's rights scenario there IS terrible as 2 minutes of Googling (an American company you'll probably point out) will tell you.
Anyway whether or not Wolf Blitzer made it up or you can't remember who said it, it did *not* happen. Muslim men have all of the same freedoms everyone else does.
Get off your ass and go see what the women's rights situation is like now, not a thousand years ago. One of my best friends is a female in the Marine Corps and she is full-blooded Afghani. Her family fled Afghanistan because of the theocracy and the lack of education for women. Now her father is helping the US rebuild his country and is ecstatic over the chance to do it. Again, this isn't off the Internet, it's actually happening.
As far as which country is the most dangerous, last time I checked the US wasn't threatening nuclear destruction to its neighbors while busily starving its own people to pay for said nuclear weapons. What the fuck's the matter w/ you? Look at North Korea! Are you blind?
This guy is way out there
As far the US having the Christian right in charge, you might want to read this.
This guy is way out there
You mistake a regime for a religion. You might want to bash any countries you like - but to go and spread lies about Islam won't help you (or the US in general) anywhere.
Yes, I've both read the Quran and a lot about Islam - out of curiosity, and to be sure not to fall for common western myths.
The US considers any country capable of producing WMDs a threat, and has reserved the right to attack first to protect itself.
Sweden can, easily, make WMDs. Do you see the faulty logic here?
it's in my head
It took a while, but:
So far the United States has asked only nationals of 25 Muslim nations and North Korea to register with the US Immigration and Naturalization Services in an effort to curb terrorism
http://www.dawn.com/2003/01/21/top12.htm
Link was found in a post made by CJ here: http://www.dialognow.org/node/view/661
(Search for "registration")
Excerpt:
At first it was "Middle Easterners" (exclusive, of course, of Israeli men). Now it's South and Southeast Asian men, and North and East Africans...And for what? The program is not going to stop rogues from coming into the country - it will only punish men who are already in compliance with the laws, and continue the scapegoating of the wrong people.
Now you might be able to find more information yourself.
it's in my head
How am I spreading lies about Islam again?
This guy is way out there
You mistake acts by regimes as being supported by Islam. In reality - Islam is the only religion to embrace all other religions and say "hey - as long as you reach God we don't care how", and Islam also gave women rights in 600 a.d. that they didn't get until 1800 a.d. in the "western" countries. I recommend "History of God" by Karin Armstrong, if you're at all interested in _knowing_ instead of accepting propaganda.
it's in my head
OK, I didn't say that they were supported by Islam, but here in America we believe in separation of church and state. They do not. As far as women's rights are concerned, that was great in 600 a.d., but look at the present day.
This guy is way out there
Compared to Sweden your state is extremely tightly connected to Christianity. Scientific American used that (and a few other things) to "judge" countries all over the world as being more or less "modern". Sweden was at the top, with the other Nordic countries close behind. The US was lagging _quite_ a bit.
...
I think you'll find that not all Arabic nations have Islam as state religion. Should I name a few of the well known ones, or do you think you can find that info yourself?
To repeat: There's a lot of anti-Moslem stuff coming out of the US - and then you act surprised when they don't like you back
it's in my head